Implement mta-sts and move mail services to specific domain

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-07-01 22:07:52 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-07-01 22:07:52 +0200
commit: afcc5de071dfffdc507995d1845372ba40dc1dc2 (patch)
tree: c96fe6b4d915e7382316a57d0d626760a7fd2876 /modules/private/websites/tools/mail/default.nix
parent: 2f16a987d306cdb7bf9b4e80fa4af173373719bd (diff)
download: Nix-afcc5de071dfffdc507995d1845372ba40dc1dc2.tar.gz
Nix-afcc5de071dfffdc507995d1845372ba40dc1dc2.tar.zst
Nix-afcc5de071dfffdc507995d1845372ba40dc1dc2.zip
1 files changed, 75 insertions, 0 deletions
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
new file mode 100644
index 0000000..ea0a27f
--- /dev/null
+++ b/modules/private/websites/tools/mail/default.nix
@@ -0,0 +1,75 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
+    inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
+    env = myconfig.env.tools.roundcubemail;
+  };
+  rainloop = pkgs.callPackage ./rainloop.nix {};
+  cfg = config.myServices.websites.tools.email;
+in
+{
+  options.myServices.websites.tools.email = {
+    enable = lib.mkEnableOption "enable email website";
+  };
+  imports = [
+    ./mta-sts.nix
+  ];
+  config = lib.mkIf cfg.enable {
+    secrets.keys = roundcubemail.keys;
+    services.websites.env.tools.modules =
+      [ "proxy_fcgi" ]
+      ++ rainloop.apache.modules
+      ++ roundcubemail.apache.modules;
+    services.websites.env.tools.vhostConfs.mail = {
+      certName   = "mail";
+      addToCerts = true;
+      hosts      = ["mail.immae.eu"];
+      root       = "/run/current-system/webapps/_mail";
+      extraConfig = [
+        rainloop.apache.vhostConf
+        roundcubemail.apache.vhostConf
+        ''
+          <Directory /run/current-system/webapps/_mail>
+            Require all granted
+            Options -Indexes
+          </Directory>
+        ''
+      ];
+    };
+    systemd.services = {
+      phpfpm-rainloop = {
+        after = lib.mkAfter rainloop.phpFpm.serviceDeps;
+        wants = rainloop.phpFpm.serviceDeps;
+      };
+      phpfpm-roundcubemail = {
+        after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
+        wants = roundcubemail.phpFpm.serviceDeps;
+      };
+    };
+    services.phpfpm.pools.roundcubemail = {
+      listen = roundcubemail.phpFpm.socket;
+      extraConfig = roundcubemail.phpFpm.pool;
+      phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
+    };
+    services.phpfpm.poolConfigs = {
+      rainloop = rainloop.phpFpm.pool;
+    };
+    system.activationScripts = {
+      roundcubemail = roundcubemail.activationScript;
+      rainloop = rainloop.activationScript;
+    };
+    myServices.websites.webappDirs = {
+      _mail = ./www;
+      "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
+      "${rainloop.apache.webappName}" = rainloop.webRoot;
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-07-01 22:07:52 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-07-01 22:07:52 +0200
commit	afcc5de071dfffdc507995d1845372ba40dc1dc2 (patch)
tree	c96fe6b4d915e7382316a57d0d626760a7fd2876 /modules/private/websites/tools/mail/default.nix
parent	2f16a987d306cdb7bf9b4e80fa4af173373719bd (diff)
download	Nix-afcc5de071dfffdc507995d1845372ba40dc1dc2.tar.gz Nix-afcc5de071dfffdc507995d1845372ba40dc1dc2.tar.zst Nix-afcc5de071dfffdc507995d1845372ba40dc1dc2.zip

diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix new file mode 100644 index 0000000..ea0a27f --- /dev/null +++ b/modules/private/websites/tools/mail/default.nix
@@ -0,0 +1,75 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	let
	3	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	4	inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
	5	env = myconfig.env.tools.roundcubemail;
	6	};
	7	rainloop = pkgs.callPackage ./rainloop.nix {};
	8	cfg = config.myServices.websites.tools.email;
	9	in
	10	{
	11	options.myServices.websites.tools.email = {
	12	enable = lib.mkEnableOption "enable email website";
	13	};
	14
	15	imports = [
	16	./mta-sts.nix
	17	];
	18
	19	config = lib.mkIf cfg.enable {
	20	secrets.keys = roundcubemail.keys;
	21
	22	services.websites.env.tools.modules =
	23	[ "proxy_fcgi" ]
	24	++ rainloop.apache.modules
	25	++ roundcubemail.apache.modules;
	26
	27	services.websites.env.tools.vhostConfs.mail = {
	28	certName = "mail";
	29	addToCerts = true;
	30	hosts = ["mail.immae.eu"];
	31	root = "/run/current-system/webapps/_mail";
	32	extraConfig = [
	33	rainloop.apache.vhostConf
	34	roundcubemail.apache.vhostConf
	35	''
	36	<Directory /run/current-system/webapps/_mail>
	37	Require all granted
	38	Options -Indexes
	39	</Directory>
	40	''
	41	];
	42	};
	43	systemd.services = {
	44	phpfpm-rainloop = {
	45	after = lib.mkAfter rainloop.phpFpm.serviceDeps;
	46	wants = rainloop.phpFpm.serviceDeps;
	47	};
	48	phpfpm-roundcubemail = {
	49	after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
	50	wants = roundcubemail.phpFpm.serviceDeps;
	51	};
	52	};
	53
	54	services.phpfpm.pools.roundcubemail = {
	55	listen = roundcubemail.phpFpm.socket;
	56	extraConfig = roundcubemail.phpFpm.pool;
	57	phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
	58	};
	59	services.phpfpm.poolConfigs = {
	60	rainloop = rainloop.phpFpm.pool;
	61	};
	62	system.activationScripts = {
	63	roundcubemail = roundcubemail.activationScript;
	64	rainloop = rainloop.activationScript;
	65	};
	66
	67	myServices.websites.webappDirs = {
	68	_mail = ./www;
	69	"${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
	70	"${rainloop.apache.webappName}" = rainloop.webRoot;
	71	};
	72
	73	};
	74
	75	}